Software Security Engineer / Vulnerability Researcher (Oxford, UK)

Are you fascinated by zero-day vulnerabilities and modern exploit mitigation techniques? Are you a dab hand at reverse engineering, CTF competitions or penetration testing? Do you take responsible disclosure and the ethics of hacking seriously? Would you like to help us secure the code that runs the world?

The main thing we look for in candidates is intelligence and the ability to learn. We are interested in talking to people at any point in their career: from Interns to Seniors and above. 

  Essential Requirements
  • Strong experience of one or more of the following programming languages:  C, C++, Java, Python, JavaScript, Rust, C#, Prolog, Ruby
  • Prior exposure / participation / experience in Software Security (commercially, academically or through personal work like bug bounty hunting, CTFs or publishing CVEs)

  Desirable skills (advantageous but not essential)
  • A list of accredited CVEs (Common Vulnerabilities and Exposures) 
  • IDA, Radare, w3af, nmap, etherdump, american fuzzy lop etc.
  • Security audits, penetration testing, PoC creation, Whitebox, Code auditing, vulnerability hunting
  • Advanced OS experience: Linux, Android, Apple (iOS / MacOS) 
  • Open-source software development
  • Program analysis
  • Compiler construction
  • Advanced debugging techniques

As a security researcher at Semmle, you would be part of a team working to find zero-day vulnerabilities, both through original work and by looking for variants of known vulnerabilities. You’ll always use the best tool for the job, and spread the knowledge needed to create more secure software to the LGTM community. You’ll share your expertise with others, through blog posts and QL queries that can be applied widely. You’ll also help us with targeted security audits for our customers.

About Semmle
Semmle believes security is a shared responsibility. Our mission is to secure the code that runs the world by bringing the security and development communities together. Google, Microsoft, NASA, Uber, Palantir and many others rely on Semmle’s products to scale their security expertise and quickly explore any codebase to discover zero-days and all variants of vulnerabilities. We empower product security teams to deliver variant analysis results to development teams using LGTM to ship safe code and protect their customers. Semmle's platform enables the security community to collaborate and share their expertise in the field of variant code analysis and security research.

We offer intellectually stimulating work, competitive salaries, and a relaxed work environment in Oxford, Valencia, Copenhagen, New York, San Francisco or Seattle.

How do you apply?
Semmle aims to hire outstanding people who have a diversity of perspectives, ideas and cultures. We actively support diversity and inclusion in the workplace and are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status or disability status.

Please complete the following form to apply or feel free to get in touch with Zac Wallis at for more information. 

We encourage applicants to let us know of any accessibility requirements, so that we may provide the best possible support during the application process and your time at Semmle.
